Solved

C++ Windos Registry: What is the safest way to make startup entry in C++

Posted on 2011-03-11
22
434 Views
Last Modified: 2013-12-04
Please Help ........

I'm using simple Registry methos off winreg for the startup entry off my application but Kaspersky and Norton antivirus says it is a dangerous application and ask for the ALLOW/DISALLOW.

I'm screwed totaly I tried cmd but not work same problem I use WinExec,ShellExecute,System,Createprocess but cant successed.

Any Help will be appreciable.


<minor phrasing clean-up by modus_operandi>
0
Comment
Question by:John-Paul75
  • 9
  • 4
  • 4
  • +1
22 Comments
 
LVL 14

Expert Comment

by:DonConsolio
ID: 35107620
This is the expected behaviour of AV programs - they prevent unknown processes
from making such modifications to your system. You can either whitelist your application
or press allow.
0
 

Author Comment

by:John-Paul75
ID: 35107757
Thanks...
These is not the way actualy I've to deliver this application to my client and at the time off demo he rejected this application because of it.

I need code which I should implement in my program
0
 

Author Comment

by:John-Paul75
ID: 35107919
Any answer Plz.........................

It's an urgent
0
 
LVL 86

Expert Comment

by:jkr
ID: 35112281
The following code would do that:
BOOL AddToRunKey ( LPCTSTR pszPath, LPCTSTR pszName) {

	BOOL bRC = FALSE;

	LPCTSTR pszSubKey = _T("Software\\Microsoft\\Windows\\CurrentVersion\\Run");
	HKEY hBase = HKEY_CURRENT_USER;

	HKEY hKey = NULL;
	REGSAM sam = KEY_SET_VALUE | KEY_READ;

	if ( ERROR_SUCCESS != RegOpenKeyEx ( hBase, pszSubKey, 0, sam, &hKey)) {

		return FALSE;
	} 

	__try {

	TCHAR acPath [ 2048];
	DWORD dwType = REG_SZ;
	DWORD dwSize = sizeof ( acPath);

	// Check if entry exists

	if ( ERROR_SUCCESS != RegQueryValueEx ( hKey, pszName, 0, &dwType, ( LPVOID) acPath, &dwSize)) {

		__leave;
	}

	// add new entry

		if ( ERROR_SUCCESS == RegSetValueEx ( hKey, pszName, 0, dwType, ( LPVOID) Path, dwSize)) {

		bRC = TRUE;
	}


	} __finally {

		RegCloseKey ( hKey);
	}

	return bRC;
}

Open in new window

0
 

Author Comment

by:John-Paul75
ID: 35112710
Thanks Savant  thanks a Lot for ur quick and postive reply.

I've a question? I'm trying to make the start up entry for the all user weather I'm runnign this appliaction
from admin or from user account it should run from both accout.

While using KEY_ALL_ACCESS I've problem in windows 7 a promt came with the notification that you don't have the right priveledge to execute.

Well till now my main problem is not resolved i.e. when ever I try to invoke RegSetValueEx function Kaspersky and norton (an anvirus installed on my client PC) promt that "A dangerous program is going to run" will you allow it for running or not or block it . when ever I remove this function from my programm it work smooth.One thing more these antivirus were asking for the digital siganture to.

Why these problem persists I don't know I'm facing these ploblem since 2-3 days I've tryied all the possible know logic off mine but still stucked.

Whie googling I had found that API function hooking can make it possible but i didn't find any perfect
code regarding that I think it help me.

Please Help Me regardign  these ................

0
 
LVL 86

Expert Comment

by:jkr
ID: 35112808
Well, that's the problem with scanners like these, they hook these calls and bring up reports regardless of the application being hostile or not. The only thing you could do is clearly informing the user that you are in fact placing an entry there and that their AV scanners will report that - that's pretty much it...
0
 

Author Comment

by:John-Paul75
ID: 35113100
Hi Savant,

But we can't stop in this way we have to find the proper way to resolve this.
What I found is the only way is to use hooking of api the then change the memory location of the process and call it but don't know to implement it.

May be I'm wrong some were because I'm giving the answer from a malware forum .

But I  need help in this regard,
Thanks n Adv.
0
 
LVL 86

Expert Comment

by:jkr
ID: 35113378
The only way is to ask the user to deactivate the scanner - you cannot avoid the scanner detecting the access to that very registry key and alarming the user.
0
 
LVL 10

Expert Comment

by:pjasnos
ID: 35113776
You can try get a code signing certificate and sign your program, which could make these scanners happier.


Or perhaps making a shortcut in the Autostart section of start menu will work better for you?
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 

Author Comment

by:John-Paul75
ID: 35114548
Humm..
you all right but the point is not their any way to do that.

pjasnos can help me in making this shortcut in startup menu through c++ or if you know any link
then Please....

Thanks you all for such a postive reponse.. Apprecitating reponse.
0
 
LVL 10

Accepted Solution

by:
pjasnos earned 500 total points
ID: 35115564
You can use function CreateLink from here http://msdn.microsoft.com/en-us/library/aa969393.aspx#Shellink_Creating_Shortcut

I've modified it slightly to use Unicode:
HRESULT CreateLink(LPTSTR lpszPathObj, LPTSTR lpszPathLink, LPTSTR lpszDesc) 
{ 
    HRESULT hres; 
    IShellLink* psl; 
 
    // Get a pointer to the IShellLink interface. 
    hres = CoCreateInstance(CLSID_ShellLink, NULL, CLSCTX_INPROC_SERVER, 
                            IID_IShellLink, (LPVOID*)&psl); 
    if (SUCCEEDED(hres)) 
    { 
        IPersistFile* ppf; 
 
        // Set the path to the shortcut target and add the description. 
        psl->SetPath(lpszPathObj); 
        psl->SetDescription(lpszDesc); 
 
        // Query IShellLink for the IPersistFile interface for saving the 
        // shortcut in persistent storage. 
        hres = psl->QueryInterface(IID_IPersistFile, (LPVOID*)&ppf); 
 
        if (SUCCEEDED(hres)) 
        { 
            // Save the link by calling IPersistFile::Save. 
            hres = ppf->Save(lpszPathLink, TRUE); 
            ppf->Release(); 
        } 
        psl->Release(); 
    } 
    return hres; 
}

Open in new window


and then you can call it like this:
TCHAR startupPath[MAX_PATH];
SHGetFolderPath(NULL, CSIDL_STARTUP, NULL, SHGFP_TYPE_CURRENT, startupPath);
PathAppend(startupPath, L"My_shortcut.lnk");
CreateLink(L"C:\\Path_to_Your_program\yourpogram.exe", startupPath, L"Some Description");

Open in new window

0
 

Author Comment

by:John-Paul75
ID: 35116369
Thanks pjasnos,

I definately help me.

But is their any other help which is tested and fully confident one that antivirus would
not signal only for theses a dangerous application.
0
 
LVL 10

Expert Comment

by:pjasnos
ID: 35117850
It depends on the antivirus and it's configuration. There is a alot of ways you can make your application autostart - e.g. you can write a windows service.

You can find a long list of most of the ways you can make a program autostart here:
http://gladiator-antivirus.com/forum/index.php?showtopic=24610

0
 

Author Comment

by:John-Paul75
ID: 35123239
Thanks but this all r the detected behaviour of the antivirus,
may this acitvity degrade my applications.

I'm looking for the process which dont promt or let them to promt
as virus behaviour.

As this is my issue may be it comes 2 u all, so if u find any perfect solution
then intimate me Please.

Well at present I'm using the codes which were suggested by pjasnos and jkr.
Checking which will succeed
0
 
LVL 86

Expert Comment

by:jkr
ID: 35123794
Not quite sure why you would want to delete this Q. All the choices have been presented to you, yet you refuse to accept that you cannot circumvent a scanner alert. That will happen, and all you can do is informing the user up front.
0
 
LVL 10

Expert Comment

by:pjasnos
ID: 35124415
I've got a feeling you're using an antivirus with some sort of 'paranoid' settings enabled. If a user wants to enable such settings and be notified about *everything*. then that's what he should get.

As for a startup entry - why not create it with the installer you're using for packaging your program? With a tickbox allowing the user to choose whether to auto-start your program and then they would expect their antivirus to pop-up and indicate that some program wants to adds its entry to auto-start key/folder.
0
 

Author Comment

by:John-Paul75
ID: 35125445
I repect u all quick response well creating a installer may make some thing possible for me and that
what I've decicded to do that's why I tooked this decision.

Well if any one succeed in by passing the pop up of this antiviruses then please mail me ([email address removed - Modalot]) and I do try my best to resolve  with this issue.

I'm not disappointed from you all best efforts but I don't yet got the perfect answer of my question
Thanks u All
0
 
LVL 14

Expert Comment

by:DonConsolio
ID: 35128586
I am afraid there is no "perfect" answer to your question.
The answer would be a way to circumvent system/antivirus protection and
such answers would violate the Experts Exchange Guidelines.
0
 

Author Comment

by:John-Paul75
ID: 35140985
DonConsolio is right .

Well i'm agree with the suggestion of the pjasnos and I've also given my feedback on that.In this case I seem to be right and you r wrong modus operans.

As I'm not disagree with my all friends who hardly answered my question.I really appreciates the forum quick reply and I'm again and agian going to ask my problem with u all friends.

But I've yet not got the way that I was expecting. But friends I don't want to hurt any one efforts.
Sorry If my any commends hurts u all respected members.


I was here to got my anwer may be next time definetly you or me give the answer.
But right now I'm not using any of the features mentioned above I just use the installer for the deployment of my application.

OK still if some one can answer u are welcome other wise I request authoried person to delete this question.

Thanks
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

What my article will show is if you ever had to do processing to a listbox without being able to just select all the items in it. My software Visual Studio 2008 crystal report v11 My issue was I wanted to add crystal report to a form and show…
For most people, the WrapPanel seems like a magic when they switch from WinForms to WPF. Most of us will think that the code that is used to write a control like that would be difficult. However, most of the work is done by the WPF engine, and the W…
This is Part 3 in a 3-part series on Experts Exchange to discuss error handling in VBA code written for Excel. Part 1 of this series discussed basic error handling code using VBA. http://www.experts-exchange.com/videos/1478/Excel-Error-Handlin…
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…

760 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

24 Experts available now in Live!

Get 1:1 Help Now